cryptgeon is a secure, open source note / file sharing service inspired by PrivNote written in rust & svelte.
Go to file
cupcakearmy 2def365cae
quality of life improvemnts
2021-12-30 22:36:28 +01:00
.github 1.2.0 2021-11-11 13:37:21 +01:00
.vscode editor 2021-05-02 03:08:43 +02:00
client quality of life improvemnts 2021-12-30 22:36:28 +01:00
design use svg as text 2021-05-07 12:14:07 +02:00
examples/nginx examples on deployment 2021-12-16 13:54:15 +01:00
src quality of life improvemnts 2021-12-30 22:36:28 +01:00
.dockerignore bug 2021-05-08 10:16:05 +02:00
.gitattributes move svg from lfs to repo 2021-05-02 16:24:31 +02:00
.gitignore add support for files 2021-12-21 00:15:04 +01:00
CHANGELOG.md quality of life improvemnts 2021-12-30 22:36:28 +01:00
Cargo.lock add version in about page 2021-12-22 15:20:30 +01:00
Cargo.toml add version in about page 2021-12-22 15:20:30 +01:00
Dockerfile 1.2.0 2021-11-11 13:37:21 +01:00
LICENSE Create LICENSE 2021-05-02 12:13:13 +02:00
README.md quality of life improvemnts 2021-12-30 22:36:28 +01:00
cypress.json config 2021-05-10 10:04:19 +02:00
docker-compose.yml add env 2021-12-22 14:56:33 +01:00
package.json add support for files 2021-12-21 00:15:04 +01:00
pnpm-lock.yaml add support for files 2021-12-21 00:15:04 +01:00
proxy.mjs time based fix 2021-12-22 14:46:06 +01:00

README.md

logo

discord docker pulls Docker image size badge Latest version
Cryptgeon - Securely share self-destructing notes | Product Hunt

About?

cryptgeon is a secure, open source sharing note or file service inspired by PrivNote

Demo

Check out the demo and see for yourself https://cryptgeon.nicco.io.

Features

  • server cannot decrypt contents due to client side encryption
  • view or time constraints
  • in memory, no persistence
  • obligatory dark mode support

How does it work?

each note has a generated id (256bit) and key 256(bit). The id is used to save & retrieve the note. the note is then encrypted with aes in gcm mode on the client side with the key and then sent to the server. data is stored in memory and never persisted to disk. the server never sees the encryption key and cannot decrypt the contents of the notes even if it tried to.

Screenshot

screenshot

Environment Variables

Variable Default Description
MEMCACHE memcached:11211 Memcached URL to connect to.
SIZE_LIMIT 1 KiB Max size for body. Accepted values according to byte-unit

Deployment

https is required otherwise browsers will not support the cryptographic functions.

Docker

Docker is the easiest way. There is the official image here.

# docker-compose.yml

version: '3.7'

services:
  memcached:
    image: memcached:1-alpine
    entrypoint: memcached -m 128M -I 4M # Limit to 128 MB Ram, 4M per entry, customize at free will.

  app:
    image: cupcakearmy/cryptgeon:latest
    depends_on:
      - memcached
    environment:
      SIZE_LIMIT: 4M
    ports:
      - 80:5000

NGINX Proxy

See the examples/nginx folder. There an example with a simple proxy, and one with https. You need to specify the server names and certificates.

Traefik 2

Assumptions:

  • External proxy docker network proxy
  • A certificate resolver le
  • A https entrypoint secure
  • Domain name example.org
version: '3.8'

networks:
  proxy:
    external: true

services:
  memcached:
    image: memcached:1-alpine
    restart: unless-stopped
    entrypoint: memcached -m 128M -I 4M # Limit to 128 MB Ram, 4M per entry, customize at free will.

  app:
    image: cupcakearmy/cryptgeon:latest
    restart: unless-stopped
    depends_on:
      - memcached
    networks:
      - default
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.cryptgeon.rule=Host(`example.org`)
      - traefik.http.routers.cryptgeon.entrypoints=secure
      - traefik.http.routers.cryptgeon.tls.certresolver=le

Development

  1. Clone
  2. run pnpm i in the root and and client client/ folders.
  3. Run pnpm run dev to start development.

Running npm run dev in the root folder will start the following things

  • a memcache docker container
  • rust backend with hot reload
  • client with hot reload

You can see the app under localhost:1234.

Attributions

Icons made by freepik from www.flaticon.com